Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2092544

Summary: [RFE] Expose certificate duration in Certificate object for Interconnect
Product: Service Telemetry Framework Reporter: Leif Madsen <lmadsen>
Component: distributionAssignee: Victoria Martinez de la Cruz <vimartin>
Status: CLOSED ERRATA QA Contact: Leonid Natapov <lnatapov>
Severity: medium Docs Contact: mgeary <mgeary>
Priority: medium    
Version: 1.4CC: jjoyce, jschluet, lhh, mburns, mgarciac, shrjoshi, stchen
Target Milestone: z1Keywords: FutureFeature, Triaged
Target Release: 1.5 (STF)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: service-telemetry-operator-container-1.5.1-2 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-30 00:44:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Leif Madsen 2022-06-01 19:11:27 UTC 
Description of problem: When creating the Interconnect manifest via Service Telemetry Operator, the duration of the certificate is not exposed to the `generateCaCert` parameter, resulting in certificates being created with a default expiration time of 90 days.

The result of this is that in RHOSP 13 and RHOSP 17.0 deployments using SSL configuration for the metrics_qdr service, a cloud update needs to be performed every 90 days with the new CA certificate contents to allow for data to transit the QDR bus to STF.

As part of the certificate manager refectoring and migration, we should allow control of the certificate duration so that it can be more than 90 days before certificates are rotated.


Version-Release number of selected component (if applicable): STF 1.3 and STF 1.4, AMQ Interconnect, AMQ Cert Manager


How reproducible: Always
Comment 2 Leif Madsen 2023-03-27 18:19:17 UTC 
Updating this to have a FIV for the STF 1.5.1 release and moving to VERIFIED.
Comment 7 errata-xmlrpc 2023-03-30 00:44:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Service Telemetry Framework 1.5 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:1529